Your Medical Scans Could Be Used by AI: What You Need to Know About Privacy Risks

Artificial intelligence is becoming a standard tool in radiology. Hospitals and clinics now routinely use AI to help detect tumors, fractures, and other abnormalities in X-rays, CT scans, and MRIs. The technology can speed up diagnoses and reduce human error, and for many patients, that’s a clear benefit.

But there is a less visible side to this progress. The same medical images that AI analyzes can also be misused in ways that most patients never consider. Recent research presented at the Radiological Society of North America (RSNA) shows that AI-created “deepfake” X-rays can fool both radiologists and AI detection systems. Meanwhile, special reports have warned about cybersecurity threats specifically targeting AI tools in radiology, including large language models that could be exploited to manipulate or steal imaging data.

If you’ve ever had a scan, your images may already be part of an AI training dataset. Here is what you need to know about the risks and how to protect yourself.

What Happened

In early 2026, researchers presented studies at the RSNA annual meeting demonstrating that deepfake medical images—artificially generated or altered scans—are now convincing enough to deceive trained radiologists and the AI systems designed to catch forgeries. One study showed that deepfake chest X-rays could be inserted into a hospital’s picture archiving and communication system (PACS) without immediate detection.

Separately, an RSNA special report published in 2025 examined how large language models (like those used to power AI chatbots) could be hijacked in radiology settings. Attackers might use them to craft realistic-looking but fraudulent imaging reports, or to extract patient data from AI systems that process scan results. These threats are not hypothetical; early proof-of-concept attacks have already been demonstrated in controlled environments.

Why It Matters

Medical images are deeply personal. They reveal not only your identity (your face, your body structure) but also intimate details about your health—from a broken bone to a lung nodule to early signs of cancer. When that data is fed into an AI system, it can be stored, analyzed, and sometimes shared with third parties for research or algorithm improvement.

The immediate privacy risks fall into three categories:

  • Deepfake medical fraud. Someone could create a fake X-ray showing a tumor that does not exist, submit it to an insurer, and claim treatment costs. Your real images could be used as templates for these forgeries.
  • Unauthorized data sharing. Your images may be sent to outside vendors for AI training without your informed consent. Patients often sign broad consent forms that do not specify how images or data will be used, especially for commercial purposes.
  • Identity theft and blackmail. A stolen scan linked to your name could be used to extort you or to discriminate against you in employment or insurance underwriting.

Current US regulations like HIPAA cover medical images as protected health information, but they have significant gaps when it comes to AI. HIPAA does not clearly govern how images are used in machine learning training sets, nor does it address the risk of AI-generated forgeries that could be used to impersonate a patient or their medical history.

What Readers Can Do

You cannot fully control how a hospital uses your images, but you do have rights and options. Here are concrete steps you can take.

  1. Ask your provider about AI use. Before a scan, ask whether AI will be used to analyze the images and whether your images will be shared with any third party for algorithm training. Some institutions have policies that give you a chance to opt out of non-essential data use.

  2. Read the consent forms carefully. Many radiology consent forms include broad language about “data sharing for research and development.” If you are uncomfortable, you can ask to limit data use to your direct care only. Hospitals may or may not accommodate this, but it is worth asking.

  3. Monitor your medical records. Regularly request copies of your imaging reports from your healthcare providers’ patient portals. Check that the findings match what you were told. If you see an imaging study in your file that you do not recall having, report it immediately.

  4. Keep an eye on breach notifications. Hospitals are required to notify you if a data breach involves your health information. Sign up for alerts and act quickly if you receive one; the notice may include an offer of credit monitoring or identity theft protection.

  5. Push for stronger policies. Support patient advocacy groups that call for clearer rules on AI in healthcare. Ask your elected representatives to close the gaps in HIPAA and to require that patients give explicit, informed consent before their imaging data is used for AI training.

What’s Next

The technology is moving faster than the safeguards. Researchers and professional bodies like RSNA are urging policymakers, hospitals, and AI vendors to adopt transparency standards and technical protections. In the meantime, being an informed patient is your best defense.

Medical imaging AI can improve your care, but it also opens a door to risks that most people do not anticipate. Knowing those risks and taking small steps to protect your data will not guarantee total privacy—but it will put you in a stronger position.

Sources

  • Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” Presented at RSNA 2026.
  • Radiological Society of North America. “Special Report Highlights LLM Cybersecurity Threats in Radiology.” Published May 2025.
  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 2026 (news release).